Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild.
Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to disclose sensitive user-mode memory, specifically section addresses, via remote ALPC ports. This could aid further privilege escalation chains in real-world attacks, prompting urgent patch deployment across legacy Windows systems.
The flaw earned an “Important” severity rating with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). While not remotely exploitable, its low complexity and lack of user interaction make it a prime target for malware or post-compromise operations.
Microsoft Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) confirmed exploitation but noted that no public proof-of-concept exists yet.
Attackers exploit DWM, a core compositing engine handling window rendering, to leak memory addresses. This disclosure could reveal kernel pointers or process data, facilitating bypasses of mitigations like ASLR. Microsoft credits internal teams for the discovery via coordinated disclosure.
Affected Platforms and Patches
The vulnerability affects older Windows versions still in extended support. Administrators must prioritize updates, as Microsoft deems them “Required.”
Check the MSRC Update for full lifecycle details. In the interim, restrict local low-privilege accounts and monitor DWM processes via EDR tools.
This patch wave underscores ongoing risks in legacy DWM components amid rising local privilege escalation tactics. Organizations on unsupported builds face heightened exposure.
